Update 04.3.md

typographical errors and improved readability
This commit is contained in:
Jimmy99
2016-04-06 06:07:20 +02:00
parent b3e37b2386
commit 4b1ba12f18

@@ -1,12 +1,12 @@
# 4.3 Cross site scripting
Today's websites have much more dynamic content in order to improve user experience, which means that we must provide dynamic information depending on every individual's behavior. Unfortunately, there is a thing called "Cross site scripting" (known as "XSS") always attacking dynamic websites, from which static websites are completely fine at this time.
Today's websites have much more dynamic content in order to improve user experience, which means that we must provide dynamic information depending on every individual's behavior. Unfortunately, dynamic websites are susceptible to malicious attacks known as "Cross site scripting" (known as "XSS"). Static websites are not susceptible to Cross site scripting.
Attackers often inject malicious scripts like JavaScript, VBScript, ActiveX or Flash into those websites that have loopholes. Once they have successfully injected their scripts, user information can be stolen and your website can be flooded with spam. The attackers can also change user settings to whatever they want.
If you want to prevent this kind of attack, you should combine the two following approaches:
If you wish to prevent this kind of attack, you should combine the following two approaches:
- Verification of all data from users, which we talked about in the previous section.
- Validation of all data from users, which we talked about in the previous section.
- Carefully handle data that will be sent to clients in order to prevent any injected scripts from running on browsers.
So how can we do these two things in Go? Fortunately, the `html/template` package has some useful functions to escape data as follows:
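Review bot: The replacement sentence on the second line of the hunk still reads `known as "Cross site scripting" (known as "XSS")`, which repeats "known as" twice in a row; since this commit is about readability, suggest `known as "Cross site scripting" ("XSS")`. The newly added sentence `Static websites are not susceptible to Cross site scripting.` is also stronger than the original's "completely fine at this time", and is not generally true: a page served as static HTML can still be vulnerable through its own client-side JavaScript (DOM-based XSS), so a wording such as "far less exposed" would be safer. The "Verification" to "Validation" change in the list item is fine and matches the terminology of the previous section it refers to.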